shadow-number

Fail

Audited by Snyk on Feb 26, 2026

Risk Level: CRITICAL
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 1.00). This skill requires the agent to retrieve temporary phone numbers and OTP codes from the API and then place those values verbatim into website forms/commands (e.g., enter +{phoneNumber} and data.sms.code), so the LLM would handle and emit secret values directly.

CRITICAL E006: Malicious code pattern detected in skill scripts.

  • Malicious code pattern detected (high risk: 1.00). This skill explicitly offloads phone verification and intercepts SMS OTPs to a third-party API (and triggers automatic crypto payments), intentionally enabling bypass of authentication, credential/OTP capture and account-creation abuse.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill explicitly performs payments: it "handles x402 crypto payment automatically" and states "your agent wallet will automatically pay ~$0.10 USDC on Base when the server returns HTTP 402." That indicates the skill triggers on-chain crypto payment from an agent-controlled wallet (signing/sending USDC on Base) as part of the buy flow. This is a specific crypto/blockchain payment capability, which qualifies as Direct Financial Execution.

Audit Metadata
Analyzed
Feb 26, 2026, 04:17 PM